Rafael J. Wysocki wrote:
I'm going to apply your previous patch as a short term fix.
Consider adding this one too. It makes RSA_data itself much smaller. Not
all RSA components need to take 512 bytes:
n - the modulus - can be as big as 4096 bits = 512 bytes.
e - public exponent - the usual choices are 17, 41, 257, 65537. The
current libgcrypt version selects 65537 by default. In all cases,
it's a small number, which fits into 3 bytes. Maybe someone in the
future will want to use bigger values. Let's have some slack here.
16 bytes should be enough for everyone ;-)
d - private exponent - full 4096 bits = 512 bytes.
p,q - random primes from which n is composed (n=p*q) - each of them is
half the length of n. 4096/2=2048 bits = 256 bytes for each.
u - the inverse (1=(p*u) mod q) - needs the same length as the
prime: 256 bytes.
Should my analysis be incorrect and the key needs more space,
suspend-keygen will complain when trying to save it.
Notice that the on-disk format of the RSA key is not changed by this
patch, so it shouldn't be necessary to recreate keys after applying it.
In the long run I'd like to fix this by using a separate page for
storing the encryption-related data.
Maybe it won't be necessary, after all.
Greetings,
Rafael
Michal
diff -Nurp suspend.mmm/encrypt.h suspend/encrypt.h
--- suspend.mmm/encrypt.h 2007-01-22 17:43:34.000000000 +0100
+++ suspend/encrypt.h 2007-01-22 17:43:46.000000000 +0100
@@ -28,7 +28,7 @@
#define PK_KEY_SIZE 16
#define PK_CIPHER_BLOCK 16
/* Auxiliary constants */
-#define RSA_DATA_SIZE 3072
+#define RSA_DATA_SIZE (512+16+512+256+256+256) /* n,e,d,p,q,u */
#define KEY_DATA_SIZE 512
#define RSA_FIELDS 6
#define RSA_FIELDS_PUB 2
diff -Nurp suspend.mmm/keygen.c suspend/keygen.c
--- suspend.mmm/keygen.c 2007-01-22 17:41:34.000000000 +0100
+++ suspend/keygen.c 2007-01-22 17:43:46.000000000 +0100
@@ -88,21 +88,21 @@ Retry:
goto Free_RSA;
}
- /* Convert the key length into bytes */
- size = (len + 7) >> 3;
/* Copy the public key components to struct RSA_data */
offset = 0;
for (j = 0; j < RSA_FIELDS_PUB; j++) {
char *str;
size_t s;
- if (offset + size >= RSA_DATA_SIZE)
- goto Free_RSA;
-
gcry_ac_data_get_index(rsa_data_set, GCRY_AC_FLAG_COPY, j,
(const char **)&str, &mpi);
- gcry_mpi_print(GCRYMPI_FMT_USG, rsa.data + offset,
- size, &s, mpi);
+ ret = gcry_mpi_print(GCRYMPI_FMT_USG, rsa.data + offset,
+ RSA_DATA_SIZE - offset, &s, mpi);
+ if (ret) {
+ fprintf(stderr, "RSA key components too big\n");
+ goto Free_RSA;
+ }
+
rsa.field[j][0] = str[0];
rsa.field[j][1] = '\0';
rsa.size[j] = s;
@@ -174,13 +174,14 @@ Retry:
char *str;
size_t s;
- if (offset + size >= RSA_DATA_SIZE)
- goto Free_sym;
-
gcry_ac_data_get_index(rsa_data_set, GCRY_AC_FLAG_COPY, j,
(const char **)&str, &mpi);
- gcry_mpi_print(GCRYMPI_FMT_USG, rsa.data + offset,
- size, &s, mpi);
+ ret = gcry_mpi_print(GCRYMPI_FMT_USG, rsa.data + offset,
+ RSA_DATA_SIZE - offset, &s, mpi);
+ if (ret) {
+ fprintf(stderr, "RSA key components too big\n");
+ goto Free_sym;
+ }
/* We encrypt the data in place */
ret = gcry_cipher_encrypt(sym_hd, rsa.data + offset, s, NULL,
0);
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Suspend-devel mailing list
Suspend-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/suspend-devel
